Well, the good news is that I at least think I’m doing all the right things.

I’ll spin up a new VM tomorrow and start from scratch.

It’s literally just a VM hosting Apache and nothing else.

I mean, it could be… I’ll try it with a 128 char base 52 name and see what happens

Yes, exactly. Super weird, shouldn’t happen. I wonder if I have a compromised box somewhere…

The random name is not in the public log. Someone else suggested that earlier. I checked CRT.sh and while my primary domain is there, the random one isn’t.

Previous experiments, yes, I sent a request. The random one, no.

As expected, it doesn’t show up. I had a couple of other subdomains configured before I switched to wildcard, but nothing matches the random one

Will do!

Shows up by name in the apache other_hosts…log, so yes

Nope, but that’s a good suggestion. I set this one up brand new for the experiment.

Mostly from AWS or the like, with occasional Chinese and Russian origins.

The scans look like requests to various WordPress endpoints, JavaScript files associated with known vulnerabilities etc

Even with a wildcard cert?

Yeah, this is interesting, I’ll dig more into this direction.

But the randomly generated subdomain has never seen a DNS registrar.

I do have *.mydomain.com registered though…hmmm

Nope

I don’t have any subdomains registered with DNS.

I attempted dig axfr example.com @ns1.example.com returned zone transfer DENIED

Yep. They show up in the other_hosts…log

I don’t think so? I have a letsencrypt wildcard cert, and reference that in the relevant .conf

Release the pornhub files!

R Pike is legend. His videos on concurrent programming remain reference level excellence years after publication. Just a great teacher as well as brilliant theoretical programmer.

Interesting! I’m going to look into this. Not sure my provider has this in their UI